Impact Management Programme - Privacy Statement

Your privacy is important to the Impact Management Programme. This privacy statement provides information about the different types of personal information that we collect and the ways in which we use it, although please note that not all of this will be applicable to you. If in doubt please feel free to check by contacting us using the contact details included at clause 13.

1. When do we collect personal information about you?

We may hold information relating to you from a number of sources, and will collect personal information about you:

When you give it to us directly
For example, personal information that you submit through our website by signing up to our blog or email newsletter, or contacting us to make a donation, or any personal data that you share with us when you communicate with us by email, phone or post.

When we obtain it indirectly
Your personal information may be shared with us by third parties, including our business partners, our sub-contractors in technical and payment services, advertising networks, research providers and search information providers.

When it is publicly available
our personal data may be available to us from external publicly available sources.

When you visit our website
The Impact Management Programme uses cookies to improve your experience on our website. Please refer to our cookies policy for details on the way our use of cookies may affect your personal data.

When it is publicly available
Your personal data may be available to us from external publicly available sources.

2. What personal information do we use?

We may collect, store and otherwise process the following kinds of personal information:

Your name and contact details, including email address, postal address, telephone number, and social media identity;

Information about our services which you use, such as Impact Management Programme events and meetings with Impact Management Programme representatives that you have attended and your communication preferences;

Information about your computer/ mobile device and your visits to and use of this website, including, for example, your IP address and geographical location; and

Any other personal information which you choose to share with us as per clause 1.

Special categories of data

The EU General Data Protection Regulation ("GDPR") recognises certain categories of personal information as sensitive, and therefore requiring more protection. These categories of data include information about your health, ethnicity, and political opinions. In certain situations, we may collect and/or use special categories of data (for example in order to make adjustments for any disabilities or dietary requirements you may have when attending our events). We will only process these special categories of data if there is a valid reason for doing so and where the GDPR allows us to do so. For instance, by seeking your explicit consent to use such data.

3. Lawful processing

We are required to have one or more lawful grounds to collect and use the personal information that we have outlined above. We consider the grounds listed below to be relevant:

Consent
Where you have provided your consent for our use of your personal information in a certain way, for example where we ask for your consent to send you our newsletter.

Legal obligation
Where the processing of your personal information is necessary for us to comply with a legal obligation to which we are subject, for example where we have to share your personal information with regulatory bodies which govern our work.

Contractual relationship
Where it is necessary for us to process your personal information in order to perform a contract to which you are a party (or to take steps at your request prior to entering a contract), for example where you a client, or you volunteer with us or provide associate consulting services.

Legitimate interests
Where applicable law allows us to collect and use personal information on the condition that to do so is reasonably necessary for our legitimate interests (and the use of your personal information is fair, balanced, and does not unduly impact your rights). We may rely on this ground to process your personal information when we believe that it is more practical or appropriate than asking for your consent. For instance, we rely on the legitimate interest ground to process your personal data.

in order to protect the security of our networks e.g. when we receive external emails we will scan such emails for any threats.

in order to capture your contact details when you have expressed a desire to remain in contact with the Impact Management Programme without wanting to opt-in to our direct mailing.

4. How we use your personal information

Once you choose to provide us with personal information we will make reasonable efforts to ensure that your personal information is only used for the purposes specified in this privacy policy.

We may use your personal information:

to provide you with services, products or information that you have requested;

to provide updates about our work, services, activities, publications or products (where necessary, and only where you have provided your consent to receive such information);

to invite you to Impact Management Programme events which we feel that you might be interested in;

to answer your questions/ requests and communicate with you in general;

to further our charitable aim in general, including asking for volunteer support;

to satisfy legal obligations which are binding on us, for example in relation to regulatory, government and/ or law enforcement bodies with whom we may work, or due diligence checks before accepting major donations;

for the prevention of fraud or misuse of service; and

for the establishment, defence of enforcement of legal claims.

5. Research

We may analyse your personal information to create a record of your interests and preferences to help us manage our records efficiently and effectively. This allows us to ensure that communications (e.g. by post, telephone, email, text or social media) are appropriate and to generally provide you with an improved user experience.

If you would prefer us not to use your personal information in this way please let us know by using the contact details included at clause 13.

6. Do we share your personal information?

We will not sell, rent or lease your personal information to others. However, we may disclose your personal information to selected third party processors (such as partners, sub-grantees or sub-contractors) for the purposes outlined at clause 4. The third party in question will be obligated to use any personal data they receive in accordance our instructions.

In particular, we reserve the right to disclose your personal information to third parties:

in the event that we buy or sell any business or assets, in which case we will disclose your personal information to the prospective buyer or seller or such business or assets;

if substantially all of our assets are acquired by a third party, personal information held by us may be one of the transferred assets;

if we are under any legal or regulatory obligation to do so; and

in connection with any legal proceedings or prospective legal proceedings, in order to establish, exercise or defend our legal rights.

7. International Data Transfers

As we sometimes use third parties to process personal information, it is possible that personal information we collect from you will be transferred to and stored in a location outside the UK or the European Economic Area ("EEA").

Please note that certain countries outside of the UK or EEA have a lower standard of protection for personal information, including lower security protections. Where your personal information is transferred, stored, and/or otherwise processed outside the UK or EEA in a country which does not offer an equivalent standard of protection to the UK or EEA, we will take all reasonable steps necessary (including entering into standard contractual clauses to protect your personal information or relying on the Privacy Shield for transfers to organisations in the US) to ensure that the recipient implements appropriate safeguards designed to protect your personal information. If you have any questions about the transfer of your personal information, please contact us using the details at clause 13.

8. Securing your personal information

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We will store all the personal information you provide on secure servers.

9. How long do we keep your personal information?

We will generally remove your personal information from our records six years after the date that it was collected unless (a) we are required to hold for longer for legal or regulatory purposes; or (b) still required in connection with the purpose for which it was collected and/or processed. However, we will remove your personal information from our records before this date if we become aware that (a) your personal information is no longer required in connection with such purpose(s); (b) we are no longer lawfully entitled to process it; or (c) you validly exercise one of your right of erasure under clause 10.

10. Your rights and preferences

We may contact you by post unless you request otherwise, and by telephone, email, text, social media or other electronic means depending on the communication preferences you have previously indicated. Where we rely on your consent to use your personal information, you have the right to:

Ask us for confirmation of what personal information we hold about you, and to request a copy of that information. If we are satisfied that you have a legal entitlement to see this personal information, and we are able to confirm your identity, we will provide you with this information.

Request that we delete the personal information we hold about you, as far as we are legally required to do so.

Ask that we correct any personal information that we hold about you which you believe to be inaccurate.

Object to the processing of your personal information where we: (i) process on the basis of the legitimate interests ground; (ii) use the personal information for direct marketing; or (iii) use the personal information for statistical purposes.

Ask for the provision of your personal information in a machine-readable format to either yourself or a third party, provided that the personal information in question has been provided to us by you, and is being processed by us: (i) in reliance on your consent; or (ii) because it is necessary for the performance of a contract to which you are party; and in either instance, we are processing using automated means.

Ask for processing of your personal information to be restricted if there is disagreement about its accuracy or legitimate usage.

If you decide you do not want to receive any further emails from the Impact Management Programme, please tell us and we will remove you from the mailing list. At any point you can request to unsubscribe from the Impact Management Programme's mailing or remove your personal information from the database by contacting us using the details listed at clause 13.

Please note that where you ask us to delete your personal information we will maintain a skeleton record comprising your name and organisation to ensure that we do not inadvertently contact you in the future. We may also need to retain some records for statutory purposes.

Please note that you also have the right to lodge a complaint with the Information Commissioner's Office at www.ico.org.uk/concerns

11. Other websites

The Impact Management Programme is not responsible for the privacy practices or the content of linked web sites. Please review the privacy notices of such websites.

12. Updating this privacy statement

We may update this privacy statement by posting a new version on this website. If we update this privacy statement in a way that significantly changes how we use your personal information, we will use reasonable efforts to bring these changes to your attention where we have your contact details. Otherwise, we would recommend that you periodically review this privacy statement to be aware of any other revisions.

13. How to contact us

Rachel Tait, Programme Manager, is responsible for monitoring compliance with relevant legislation in relation to personal data. You can also contact the Programme Manager if you have any questions about this privacy statement or our treatment of your personal information: